Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Martin_Raska
Advisor
Advisor

Full tunnel over SSL VPN/SNX

Hello,

I am seeking advice how to configure Split/Full tunnel per user/user group. The connection to VPN is over SSL portal SNX extender.

Something like this.

FW-A

user group - A : full tunnel, no split tunneling

user group - B : split tunneling only

FW-B

user group - C : full tunnel, no split tunneling

user group - D : split tunneling only

 

environment is Multidomain with VSX and Maestro.

Thanks

0 Kudos
7 Replies
samir-brkic
Participant

could you please provide more details on the purpose of configuring split/full tunneling per user/user group in your SNX SSL portal setup?


Could you please clarify whether you are using the Unified Access Policy or the Legacy Policy for your SSL rulebase?

Typically, with SNX SSL connections, when using the Legacy Policy, full tunneling may not be necessary as access is restricted to the specific applications allowed in the rulebase. This setup usually ensures that routing is managed according to the applications rather than requiring split or full tunneling.

0 Kudos
Martin_Raska
Advisor
Advisor

Purpose is sell it in the same way as other competitors services (PA,FG) whos have solution for that.

(1)
the_rock
Legend
Legend

You nailed it with that statement, could not agree more.

Andy

0 Kudos
the_rock
Legend
Legend

Last time I asked TAC about it, they said it was not possible/supported.

Andy

0 Kudos
PhoneBoy
Admin
Admin

For the full Endpoint client, you can do something like this: https://support.checkpoint.com/results/sk/sk114882 
Not sure you can do this with SNX, though.

0 Kudos
Martin_Raska
Advisor
Advisor

I thought so.

0 Kudos
OliverBayerlein
Participant

Probably there is no full tunnel / hub mode in SNX but you can follow sk32111 Configuring Different Encryption Domains for Different User Groups in SNX and try a "All Internet" Group as Encryption Domain to get a full tunnel for specific user groups.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events